Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

PTT Group project - Quotation.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.126809611526652
Filename:	PTT Group project - Quotation.exe
Filesize:	1176576
MD5:	0ffee94b9fb3a74d3f1ad3774edc51ed
SHA1:	0fe3355e5e7a1543c42a1c66fd9285b2b0529af0
SHA256:	c413b461e4df7628f4ccdaa98233ec18a3d6808265dc38f631902ef58f502c88
SHA512:	0f28ca9ddc2ca8d6bcbddfe9db4df9ef4b6eec83b1941afaeef0e5de4e114debd7a9c7cde6d00d4a85f1ac0ffa9c269e6a8709d6fc58f91134e670df077d6e11
SSDEEP:	24576:mAHnh+eWsN3skA4RV1Hom2KXMmHapq3CukTLUC9k9RSFz8tj6V5:Bh+ZkldoPK8YapRuO59sjw
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection	Disable or Modify Tools
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Switches to a custom stack to bypass stack traces	Malware Analysis System Evasion
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing
Contains functionality to block mouse and keyboard input (often used to hinder debugging)	Anti Debugging	Disable or Modify Tools
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection
Contains functionality to communicate with device drivers	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to execute programs as a different user	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Contains functionality to launch a process as a different user	System Summary	Valid Accounts Native API Access Token Manipulation
Contains functionality to launch a program with higher privileges	HIPS / PFW / Operating System Protection Evasion	Exploitation for Privilege Escalation
Contains functionality to modify clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Process Discovery Clipboard Data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)	Remote Access Functionality
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	Disable or Modify Tools
Contains functionality to read the PEB	Anti Debugging
Contains functionality to read the clipboard data	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Contains functionality to retrieve information about pressed keystrokes	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Contains functionality to shutdown / reboot the system	System Summary	System Shutdown/Reboot
Contains functionality to simulate keystroke presses	HIPS / PFW / Operating System Protection Evasion
Contains functionality to simulate mouse events	HIPS / PFW / Operating System Protection Evasion
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Disable or Modify Tools
Detected potential crypto function	System Summary	Process Discovery Archive Collected Data Encrypted Channel
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found evasive API chain (date check)	Malware Analysis System Evasion
Found large amount of non-executed APIs	Malware Analysis System Evasion
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information	Disable or Modify Tools System Shutdown/Reboot
Potential key logger detected (key state polling based)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Disable or Modify Tools
Sample file is different than original file name gathered from version info	System Summary	System Shutdown/Reboot
Uses 32bit PE files	Compliance, System Summary	Disable or Modify Tools
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary	Disable or Modify Tools
Contains functionality to add an ACL to a security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary
Contains functionality to check free disk space	System Summary
Contains functionality to create a new security descriptor	HIPS / PFW / Operating System Protection Evasion
Contains functionality to download additional files from the internet	Networking
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to instantiate COM classes	System Summary
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains functionality to query the account / user name	Language, Device and Operating System Detection	Account Discovery System Owner/User Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to register its own exception handler	Anti Debugging
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection	Disable or Modify Tools
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion
PE file has an executable .text section and no other executable section	System Summary
Program exit points	Malware Analysis System Evasion	Disable or Modify Tools
Reads software policies	System Summary
Sample is known by Antivirus	System Summary	Disable or Modify Tools
Tries to load missing DLLs	System Summary	DLL Side-Loading Disable or Modify Tools
PE file contains a valid data directory to section mapping	System Summary	Security Software Discovery
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary	Disable or Modify Tools

C:\Users\user\AppData\Local\Temp\1-673479

SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\1-673479
Category:	dropped
Dump:	1-673479.3.dr
ID:	dr_4
Target ID:	3
Process:	C:\Windows\SysWOW64\RMActivate_ssp.exe
Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Entropy:	0.9746603542602881
Encrypted:	false
Ssdeep:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
Size:	114688
Whitelisted:	true
Reputation:	high

C:\Users\user\AppData\Local\Temp\autC8E0.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\autC8E0.tmp
Category:	dropped
Dump:	autC8E0.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\PTT Group project - Quotation.exe
Type:	data
Entropy:	7.992546164758959
Encrypted:	true
Ssdeep:	6144:RN+7bNnd4i7hodlFf3L08/3nkS1lZOgk9nCcvzSGZ:R8JdlhWlFfl/3T1jOZnCVo
Size:	270848
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates temporary files	System Summary

C:\Users\user\AppData\Local\Temp\autC92F.tmp

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\autC92F.tmp
Category:	dropped
Dump:	autC92F.tmp.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\PTT Group project - Quotation.exe
Type:	data
Entropy:	7.608555311952128
Encrypted:	false
Ssdeep:	192:ZyaFcKrLMynw1R9GCkEWAsd0Zv3ORpcAMh5vkdtRMnrYLrPkBm:3F7rwynwdGCgdMejcvvsdX8rYXPf
Size:	9846
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\savager

ASCII text, with very long lines (28756), with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\savager
Category:	dropped
Dump:	savager.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\PTT Group project - Quotation.exe
Type:	ASCII text, with very long lines (28756), with no line terminators
Entropy:	3.5964080474172366
Encrypted:	false
Ssdeep:	768:4iTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbp+Iw6lr4vfF3if6gyTu:4iTZ+2QoioGRk6ZklputwjpjBkCiw2Rv
Size:	28756
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Temp\ultraradicalism

data

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\ultraradicalism
Category:	dropped
Dump:	ultraradicalism.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\PTT Group project - Quotation.exe
Type:	data
Entropy:	7.992546164758959
Encrypted:	true
Ssdeep:	6144:RN+7bNnd4i7hodlFf3L08/3nkS1lZOgk9nCcvzSGZ:R8JdlhWlFfl/3T1jOZnCVo
Size:	270848
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\PTT Group project - Quotation.exe

"C:\Users\user\Desktop\PTT Group project - Quotation.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6804
Target ID:	0
Parent PID:	2580
Name:	PTT Group project - Quotation.exe
Path:	C:\Users\user\Desktop\PTT Group project - Quotation.exe
Commandline:	"C:\Users\user\Desktop\PTT Group project - Quotation.exe"
Size:	1176576
MD5:	0FFEE94B9FB3A74D3F1AD3774EDC51ED
Time:	21:21:53
Date:	04/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x910000
Modulesize:	1200128
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Initial sample is a PE file and has a suspicious name	System Summary
Machine Learning detection for sample	AV Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
OS version to string mapping found (often used in BOTs)	Stealing of Sensitive Information
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Uncommon Svchost Parent Process	System Summary
Uses 32bit PE files	Compliance, System Summary
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\SysWOW64\svchost.exe

"C:\Users\user\Desktop\PTT Group project - Quotation.exe"

Details

Is windows:	true
Is dropped:	false
PID:	480
Target ID:	1
Parent PID:	6804
Name:	svchost.exe
Path:	C:\Windows\SysWOW64\svchost.exe
Commandline:	"C:\Users\user\Desktop\PTT Group project - Quotation.exe"
Size:	46504
MD5:	1ED18311E3DA35942DB37D15FA40CC5B
Time:	21:21:54
Date:	04/07/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xf30000
Modulesize:	53248
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Yara detected FormBook	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Writes to foreign memory regions	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Uncommon Svchost Parent Process	System Summary
Sigma detected: Windows Processes Suspicious Parent Directory	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe

"C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe"

Details

Is windows:	true
Is dropped:	false
PID:	5544
Target ID:	2
Parent PID:	480
Name:	KWyVcOvVIsFTpZOKF.exe
Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Commandline:	"C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	21:21:57
Date:	04/07/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x690000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\SysWOW64\RMActivate_ssp.exe

"C:\Windows\SysWOW64\RMActivate_ssp.exe"

Details

Is windows:	true
Is dropped:	false
PID:	4416
Target ID:	3
Parent PID:	5544
Name:	RMActivate_ssp.exe
Path:	C:\Windows\SysWOW64\RMActivate_ssp.exe
Commandline:	"C:\Windows\SysWOW64\RMActivate_ssp.exe"
Size:	478720
MD5:	6599A09C160036131E4A933168DA245F
Time:	21:21:59
Date:	04/07/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	false
Is elevated:	false
Modulebase:	0x80000
Modulesize:	495616
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe

"C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe"

Details

Is windows:	true
Is dropped:	false
PID:	980
Target ID:	5
Parent PID:	4416
Name:	KWyVcOvVIsFTpZOKF.exe
Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Commandline:	"C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe"
Size:	140800
MD5:	32B8AD6ECA9094891E792631BAEA9717
Time:	21:22:13
Date:	04/07/2024
Reason:	existingprocessinject
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x690000
Modulesize:	155648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Queues an APC in another process (thread injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\Firefox.exe"

Details

Is windows:	true
Is dropped:	false
PID:	3992
Target ID:	8
Parent PID:	4416
Name:	firefox.exe
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Size:	676768
MD5:	C86B1BE9ED6496FE0E0CBE73F81D8045
Time:	21:22:24
Date:	04/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff6bf500000
Modulesize:	708608
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion	Process Injection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

http://www.binpvae.lol/kfqo/?9TND4h=NiOdQOuMLD2zHgMWwKws4JzuutDmLpx3tWxYTf2s7ZGupi3Uz5m5Dts89dE7D44P7JMDqAvEJ+8u+Llyo4b9pPx+fjdmUm+qFImntH+EZRPwIZM2dcS4AHM=&MXOD=nDFLlbM87h

116.213.43.190

http://www.a9jcpf.top/1kbe/

147.92.36.231

http://www.ytw6.top/rmef/?9TND4h=UdI5Nug9LeCq3QKyZxAFTuhDHYNaCA3T0/tR5L8b4jWaA2fUCVH3fLw1ebDEBIsiTWaLxfrgjTz4bD/84RJrNmZZ6yqPN++//ptV/K/4BOxQ2TPEoKO+wL0=&MXOD=nDFLlbM87h

38.47.232.224

http://www.lexiecos.top/ff8d/

203.161.55.102

http://www.webuyfontana.com/cns4/

13.248.169.48

http://www.binpvae.lol/kfqo/

116.213.43.190

http://www.webuyfontana.com/cns4/?MXOD=nDFLlbM87h&9TND4h=b+X9HsydX2EZhoFbHWDGWLn8qSDjJiBvgg2FVhcLABkhzzs0ucmBPDMRqtKe3XUMFDw5FS9Ji9Imkcb4M+SgV1CrLIKWT8R/LC2e+AlJEb/hHwO3uGNSJEs=

13.248.169.48

http://www.ytw6.top/rmef/

38.47.232.224

http://www.mhtnvro.lol/il19/

116.213.43.190

http://www.lexiecos.top/ff8d/?MXOD=nDFLlbM87h&9TND4h=ohJD03igrpR8lwlwc1M4EqZrzingiHicFb+y4T5GGfrPyp+0FgUaOIwicDYxE9IqyQjr9lfiRuNbkNF7eyT6Zergy2OfkJkLywWhdn0W3d/t29Aith2p64g=

203.161.55.102

http://www.mhtnvro.lol/il19/?9TND4h=2W0Inf+zka60rkge6x3gGQQeo1iuz6hi+bPXuzv4I1vHSGtqZzoorLZZnoCmwyX2i4rMR0gWWwZYBzao7rAttPu5367SyozTICrQ88OWOZt9joXCP1iWm4I=&MXOD=nDFLlbM87h

116.213.43.190

http://www.hsck520.com

unknown

http://www.778981.com/p1dd/?MXOD=nDFLlbM87h&9TND4h=G7DDmCfNGXy3uJCEgcIIU1iXFvarFYWbvsRS9sxoYaNScQyM2A1goKEbo8KV9mX8trrejs5AH6YGa7AwDEXag2zD7gw0a+PZJfygUURv+5LCwJWR5NAeUOI=

165.154.0.120

http://www.augaqfp.lol/l8a4/

116.213.43.190

http://www.augaqfp.lol/l8a4/?9TND4h=CPL7YN3vcnDyuUFtA6pv3uMhLFbLrJb1JE9LZisFmiEQ0vYrwOGtj9QBvlTfLzXcbjIACE/TYt0vO88JJ7+OI7LCsTQn12dDmlA0tsWVEcE74AqN9n1fFjE=&MXOD=nDFLlbM87h

116.213.43.190

https://cdn.livechatinc.com/tracking.js

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://download.quark.cn/download/quarkpc?platform=android&ch=pcquark

unknown

https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js

unknown

https://duckduckgo.com/ac/?q=

unknown

https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js

unknown

https://track.uc.cn/collect

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

http://www.hsck520.com/2e2r/

35.190.52.58

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

https://www.ecosia.org/newtab/

unknown

https://v-cn.vaptcha.com/v3.js

unknown

https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://hm.baidu.com/hm.js?

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js

unknown

https://www.livechat.com/chat-with/14282961/

unknown

https://www.livechat.com/?welcome

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css

unknown

There are 26 hidden URLs, click here to show them.

Domains

Name

Malicious

ytw6.top

38.47.232.224

aj.ajunsdfancsda.com

147.92.36.231

www.binpvae.lol

116.213.43.190

www.lexiecos.top

203.161.55.102

www.augaqfp.lol

116.213.43.190

www.mhtnvro.lol

116.213.43.190

7a4ca695fd164z.greycdn.net

165.154.0.120

www.webuyfontana.com

13.248.169.48

www.778981.com

unknown

www.byteffederal.com

unknown

www.jjkelker.com

unknown

www.ytw6.top

unknown

www.caroinapottery.com

unknown

www.a9jcpf.top

unknown

www.mebutnotme.store

unknown

www.hsck520.com

35.190.52.58

There are 6 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

13.248.169.48

www.webuyfontana.com

United States

Details

IP:	13.248.169.48
TargetID:	5
Current Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	www.webuyfontana.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

203.161.55.102

www.lexiecos.top

Malaysia

Details

IP:	203.161.55.102
TargetID:	5
Current Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Country:	Malaysia
Countrycode:	MYS
ASN number:	45899
ASN name:	VNPT-AS-VNVNPTCorpVN
Private:	false
Domain:	www.lexiecos.top

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

165.154.0.120

7a4ca695fd164z.greycdn.net

Canada

Details

IP:	165.154.0.120
TargetID:	5
Current Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Country:	Canada
Countrycode:	CAN
ASN number:	7456
ASN name:	INTERHOPCA
Private:	false
Domain:	7a4ca695fd164z.greycdn.net

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

147.92.36.231

aj.ajunsdfancsda.com

Hong Kong

Details

IP:	147.92.36.231
TargetID:	5
Current Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Country:	Hong Kong
Countrycode:	HKG
ASN number:	59371
ASN name:	DNC-ASDimensionNetworkCommunicationLimitedHK
Private:	false
Domain:	aj.ajunsdfancsda.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

38.47.232.224

ytw6.top

United States

Details

IP:	38.47.232.224
TargetID:	5
Current Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Country:	United States
Countrycode:	USA
ASN number:	174
ASN name:	COGENT-174US
Private:	false
Domain:	ytw6.top

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

116.213.43.190

www.binpvae.lol

Hong Kong

Details

IP:	116.213.43.190
TargetID:	5
Current Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Country:	Hong Kong
Countrycode:	HKG
ASN number:	63889
ASN name:	CLOUDIVLIMITED-ASCloudIvLimitedHK
Private:	false
Domain:	www.binpvae.lol

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

35.190.52.58

www.hsck520.com

United States

Details

IP:	35.190.52.58
TargetID:	5
Current Path:	C:\Program Files (x86)\wyhexRQvvsUNbykgmUZEyCDIVqvoVFvXanvNWKmivskHrhUeeNqur\KWyVcOvVIsFTpZOKF.exe
Country:	United States
Countrycode:	USA
ASN number:	15169
ASN name:	GOOGLEUS
Private:	false
Domain:	www.hsck520.com

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

30D0000

trusted library allocation

page read and write

29A0000

system

page execute and read and write

EE0000

unclassified section

page execute and read and write

24B0000

unkown

page execute and read and write

2F50000

trusted library allocation

page read and write

400000

system

page execute and read and write

5020000

system

page execute and read and write

3B50000

unclassified section

page execute and read and write

103D000

heap

page read and write

2FD1000

heap

page read and write

69E000

unkown

page readonly

2ED1000

unkown

page execute and read and write

76A000

stack

page read and write

710000

heap

page read and write

50D7000

system

page execute and read and write

361C000

unkown

page read and write

2BEC000

unkown

page read and write

2DCB000

heap

page read and write

FDA000

heap

page read and write

37F3000

direct allocation

page read and write

2E1B000

heap

page read and write

22C0000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

6A5000

unkown

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

FD2000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3B42000

direct allocation

page execute and read and write

2FD1000

heap

page read and write

63DF000

unclassified section

page execute and read and write

2FD1000

heap

page read and write

EE0000

direct allocation

page read and write

8C0000

heap

page read and write

3013000

heap

page read and write

4B76000

unclassified section

page read and write

45DF000

unclassified section

page execute and read and write

2FD1000

heap

page read and write

6E0000

unkown

page readonly

4550000

unclassified section

page execute and read and write

3250000

trusted library allocation

page read and write

69E000

unkown

page readonly

3013000

heap

page read and write

C0E000

stack

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2E4E000

heap

page read and write

99F000

unkown

page readonly

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

16C122EB000

heap

page read and write

2FD1000

heap

page read and write

37A3000

direct allocation

page read and write

2FD1000

heap

page read and write

3523000

heap

page read and write

DFE000

stack

page read and write

321A000

heap

page read and write

16C13E0A000

trusted library allocation

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

16C13D00000

trusted library allocation

page read and write

16C12230000

heap

page read and write

2800000

heap

page read and write

7C0000

unkown

page readonly

3929000

direct allocation

page execute and read and write

2DB0000

heap

page read and write

69E000

unkown

page readonly

2E41000

heap

page read and write

360D000

direct allocation

page execute and read and write

50F9000

unkown

page read and write

22D0000

unkown

page readonly

4E9A000

unclassified section

page read and write

7E1C000

heap

page read and write

2FD1000

heap

page read and write

1113000

heap

page read and write

7EE0000

trusted library allocation

page read and write

69E000

unkown

page readonly

2FD1000

heap

page read and write

DFF000

heap

page read and write

2E4C000

heap

page read and write

7DF6000

heap

page read and write

49E4000

unclassified section

page read and write

2FD1000

heap

page read and write

2F30000

heap

page read and write

2FD1000

heap

page read and write

560000

unkown

page readonly

16C12260000

heap

page read and write

16C13FCE000

trusted library allocation

page read and write

2FD1000

heap

page read and write

2DC3000

heap

page read and write

2FD1000

heap

page read and write

690000

unkown

page readonly

37A3000

direct allocation

page read and write

3013000

heap

page read and write

7E13000

heap

page read and write

7DE1000

heap

page read and write

2FD1000

heap

page read and write

D40000

unkown

page readonly

2968000

stack

page read and write

2E8F000

heap

page read and write

16C122F2000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

691000

unkown

page execute read

2FD1000

heap

page read and write

2FD1000

heap

page read and write

C70000

unkown

page readonly

2FD1000

heap

page read and write

7D0000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

16C122DC000

heap

page read and write

DE8000

heap

page read and write

D40000

unkown

page readonly

22C0000

heap

page read and write

2E34000

heap

page read and write

850000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

6A5000

unkown

page read and write

E20000

direct allocation

page read and write

70E000

stack

page read and write

7C0000

unkown

page readonly

DB0000

unkown

page read and write

3682000

direct allocation

page execute and read and write

3999000

direct allocation

page read and write

3301000

heap

page read and write

379E000

heap

page read and write

3680000

direct allocation

page read and write

2FD1000

heap

page read and write

4571000

unclassified section

page execute and read and write

3013000

heap

page read and write

2FD1000

heap

page read and write

3340000

direct allocation

page execute and read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3AD1000

direct allocation

page execute and read and write

3D54000

unclassified section

page read and write

2FD1000

heap

page read and write

433F000

unkown

page execute and read and write

691000

unkown

page execute read

46C0000

unclassified section

page read and write

3A0E000

direct allocation

page read and write

2FD4000

unkown

page read and write

16C13AA0000

trusted library allocation

page read and write

39BE000

direct allocation

page read and write

2FD1000

heap

page read and write

620000

unkown

page read and write

39BE000

direct allocation

page read and write

2FD1000

heap

page read and write

854F000

stack

page read and write

224F000

stack

page read and write

9CF000

unkown

page write copy

2FD1000

heap

page read and write

2FD1000

heap

page read and write

7D0000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

FBADFC000

stack

page read and write

2FD0000

heap

page read and write

2FD1000

heap

page read and write

2C20000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

9C5000

unkown

page readonly

399D000

direct allocation

page read and write

7E09000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

43A000

stack

page read and write

9AF000

stack

page read and write

C10000

unkown

page read and write

63B0000

trusted library allocation

page read and write

103E000

heap

page read and write

1B9F000

stack

page read and write

50CB000

system

page execute and read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

C70000

unkown

page readonly

550000

unkown

page readonly

2FD1000

heap

page read and write

372D000

heap

page read and write

550000

unkown

page readonly

CE0000

heap

page read and write

2FD1000

heap

page read and write

3013000

heap

page read and write

6F0000

unkown

page readonly

10CF000

heap

page read and write

36D0000

direct allocation

page read and write

DE0000

heap

page read and write

C10000

unkown

page read and write

16C13E00000

trusted library allocation

page read and write

2DC0000

heap

page read and write

103F000

heap

page read and write

2E84000

heap

page read and write

7B0000

unkown

page readonly

9B0000

unkown

page readonly

2FD1000

heap

page read and write

2FD1000

heap

page read and write

5BE000

stack

page read and write

2FD1000

heap

page read and write

399E000

direct allocation

page execute and read and write

FE0000

heap

page read and write

2FD1000

heap

page read and write

53C000

stack

page read and write

3212000

heap

page read and write

332A000

heap

page read and write

290F000

stack

page read and write

2FD1000

heap

page read and write

3949000

direct allocation

page read and write

630000

heap

page read and write

2FD1000

heap

page read and write

9C5000

unkown

page readonly

37F3000

direct allocation

page read and write

50BB000

system

page execute and read and write

1270000

unkown

page readonly

C6C000

stack

page read and write

7B8000

heap

page read and write

2FD1000

heap

page read and write

FE0000

heap

page read and write

630000

heap

page read and write

10F4000

heap

page read and write

2FD1000

heap

page read and write

C90000

heap

page read and write

620000

unkown

page read and write

2E8A000

heap

page read and write

2FD1000

heap

page read and write

24A0000

heap

page read and write

570000

heap

page read and write

10E4000

heap

page read and write

D30000

heap

page read and write

7E0000

unkown

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3776000

heap

page read and write

7DFB000

heap

page read and write

2FD1000

heap

page read and write

16C122C0000

heap

page read and write

9D8000

unkown

page readonly

3692000

unclassified section

page read and write

2FD1000

heap

page read and write

392D000

direct allocation

page execute and read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3680000

direct allocation

page read and write

5E0000

unkown

page read and write

691000

unkown

page execute read

EA0000

direct allocation

page read and write

2E2D000

heap

page read and write

2FC0000

heap

page read and write

3250000

trusted library allocation

page read and write

2E2A000

heap

page read and write

3940000

unkown

page read and write

2FD1000

heap

page read and write

10E4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2E07000

heap

page read and write

2E2F000

heap

page read and write

2FD1000

heap

page read and write

C6E000

stack

page read and write

2FD1000

heap

page read and write

690000

unkown

page readonly

16C13C80000

heap

page read and write

7B0000

heap

page read and write

2FD1000

heap

page read and write

2DCB000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

16C13AA0000

trusted library allocation

page read and write

EE0000

direct allocation

page read and write

32B5000

heap

page read and write

3680000

direct allocation

page read and write

24A0000

heap

page read and write

E3C000

stack

page read and write

EE0000

unkown

page readonly

2FD1000

heap

page read and write

31B0000

trusted library allocation

page execute and read and write

2E2A000

heap

page read and write

3013000

heap

page read and write

2E37000

heap

page read and write

3800000

direct allocation

page execute and read and write

396C000

unclassified section

page read and write

7DF1000

heap

page read and write

3469000

direct allocation

page execute and read and write

3700000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3999000

direct allocation

page read and write

2E20000

heap

page read and write

3013000

heap

page read and write

2FD1000

heap

page read and write

EE0000

direct allocation

page read and write

2FD1000

heap

page read and write

16C13FC4000

trusted library allocation

page read and write

3ACD000

direct allocation

page execute and read and write

2E5C000

heap

page read and write

3013000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

819E000

stack

page read and write

2E2F000

heap

page read and write

2FD1000

heap

page read and write

2F3F000

unkown

page execute and read and write

10AD000

heap

page read and write

2FD1000

heap

page read and write

7F1000

unkown

page readonly

2FD1000

heap

page read and write

2FD1000

heap

page read and write

700000

unkown

page readonly

3013000

heap

page read and write

394D000

direct allocation

page read and write

3F0000

heap

page read and write

2FD1000

heap

page read and write

3701000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

30F3000

heap

page read and write

2FD1000

heap

page read and write

3217000

heap

page read and write

600000

unkown

page readonly

7B8000

heap

page read and write

43A000

stack

page read and write

FE0000

heap

page read and write

2FD1000

heap

page read and write

16C13FBE000

trusted library allocation

page read and write

2FD1000

heap

page read and write

67E000

stack

page read and write

AFC000

stack

page read and write

190000

unkown

page readonly

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3000000

heap

page read and write

37A3000

direct allocation

page read and write

2E37000

heap

page read and write

2E41000

heap

page read and write

4D3F000

unkown

page execute and read and write

6E0000

unkown

page readonly

3205000

heap

page read and write

37F3000

direct allocation

page read and write

2FD1000

heap

page read and write

600000

unkown

page readonly

2FD1000

heap

page read and write

2704000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

180000

unkown

page readonly

50F5000

unkown

page read and write

DE8000

heap

page read and write

2FD1000

heap

page read and write

50B1000

system

page execute and read and write

2FD1000

heap

page read and write

7B0000

unkown

page readonly

7DEC000

heap

page read and write

6F0000

unkown

page readonly

911000

unkown

page execute read

2FD1000

heap

page read and write

2FD1000

heap

page read and write

16C13E03000

trusted library allocation

page read and write

2704000

heap

page read and write

7A0000

unkown

page readonly

720000

heap

page read and write

32B9000

heap

page read and write

179E000

stack

page read and write

103C000

heap

page read and write

540000

unkown

page readonly

3870000

direct allocation

page read and write

7A0000

unkown

page readonly

180000

unkown

page readonly

911000

unkown

page execute read

16C13E0F000

trusted library allocation

page read and write

7E03000

heap

page read and write

76D000

stack

page read and write

6A5000

unkown

page read and write

2FD1000

heap

page read and write

6A5000

unkown

page read and write

2DBB000

heap

page read and write

2E62000

heap

page read and write

E1B000

stack

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

EE0000

unkown

page readonly

2E94000

heap

page read and write

2800000

heap

page read and write

2FD1000

heap

page read and write

318C000

heap

page read and write

1113000

heap

page read and write

2FD1000

heap

page read and write

3DF6000

unkown

page read and write

2C44000

heap

page read and write

700000

unkown

page readonly

2FD1000

heap

page read and write

8E0000

heap

page read and write

2FD1000

heap

page read and write

FBBDFE000

stack

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

FBC5FE000

stack

page read and write

22D0000

unkown

page readonly

2FD1000

heap

page read and write

5C0000

unkown

page read and write

3013000

heap

page read and write

7DFE000

heap

page read and write

690000

unkown

page readonly

3870000

direct allocation

page read and write

2FD1000

heap

page read and write

9D3000

unkown

page write copy

38A000

stack

page read and write

103D000

heap

page read and write

3110000

trusted library allocation

page read and write

910000

unkown

page readonly

2FD1000

heap

page read and write

16C120A8000

system

page execute and read and write

76A000

stack

page read and write

2E20000

heap

page read and write

2700000

heap

page read and write

1103000

heap

page read and write

3820000

direct allocation

page read and write

560000

unkown

page readonly

12694000

system

page read and write

5D1000

unkown

page readonly

2FD1000

heap

page read and write

AFC000

stack

page read and write

12092000

system

page read and write

3A0E000

direct allocation

page read and write

3A0E000

direct allocation

page read and write

2FD1000

heap

page read and write

2E59000

heap

page read and write

7E10000

heap

page read and write

32CE000

stack

page read and write

394D000

direct allocation

page read and write

393F000

unkown

page execute and read and write

99F000

unkown

page readonly

2FD1000

heap

page read and write

DA0000

unkown

page read and write

CAA000

stack

page read and write

3400000

heap

page read and write

122AC000

system

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2A2C000

unkown

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

C90000

heap

page read and write

7E0000

unkown

page read and write

2FD1000

heap

page read and write

3600000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

D9F000

stack

page read and write

5E0000

unkown

page read and write

1103000

heap

page read and write

292B000

stack

page read and write

6A7000

unkown

page readonly

16C12140000

heap

page read and write

D00000

heap

page read and write

7E27000

heap

page read and write

2FD1000

heap

page read and write

690000

unkown

page readonly

5C0000

unkown

page read and write

FA0000

heap

page read and write

2FD1000

heap

page read and write

910000

unkown

page readonly

2FD1000

heap

page read and write

2C44000

heap

page read and write

3870000

direct allocation

page read and write

2FD1000

heap

page read and write

399D000

direct allocation

page read and write

2FD1000

heap

page read and write

35FF000

stack

page read and write

2FD1000

heap

page read and write

39BE000

direct allocation

page read and write

1020000

heap

page read and write

26BC000

unkown

page read and write

2FD1000

heap

page read and write

1103000

heap

page read and write

1103000

heap

page read and write

16C13F01000

trusted library allocation

page read and write

2FD1000

heap

page read and write

E0E000

stack

page read and write

540000

unkown

page readonly

2FD1000

heap

page read and write

34FF000

stack

page read and write

2FD1000

heap

page read and write

3949000

direct allocation

page read and write

9CF000

unkown

page read and write

411A000

unkown

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3611000

direct allocation

page execute and read and write

DE0000

heap

page read and write

891000

unkown

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3013000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

FD3000

heap

page read and write

2DC0000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3820000

direct allocation

page read and write

3999000

direct allocation

page read and write

3219000

heap

page read and write

7E18000

heap

page read and write

2BEC000

unkown

page read and write

81C0000

heap

page read and write

2FD1000

heap

page read and write

3C64000

unkown

page read and write

DA0000

unkown

page read and write

2FD1000

heap

page read and write

7F1000

unkown

page readonly

2E34000

heap

page read and write

16C13AA0000

trusted library allocation

page read and write

3002000

heap

page read and write

2FD1000

heap

page read and write

439C000

unclassified section

page read and write

3949000

direct allocation

page read and write

190000

unkown

page readonly

570000

heap

page read and write

2710000

unkown

page readonly

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

330E000

stack

page read and write

2710000

unkown

page readonly

FBB5FD000

stack

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

7DD4000

heap

page read and write

9D8000

unkown

page readonly

2DE0000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

1270000

unkown

page readonly

37AC000

unclassified section

page read and write

3013000

heap

page read and write

691000

unkown

page execute read

2FD1000

heap

page read and write

3205000

heap

page read and write

2FD1000

heap

page read and write

7B0000

heap

page read and write

24A4000

heap

page read and write

2F30000

trusted library allocation

page read and write

6A7000

unkown

page readonly

2FD1000

heap

page read and write

3013000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3013000

heap

page read and write

2E1B000

heap

page read and write

4FDF000

unclassified section

page execute and read and write

2FD1000

heap

page read and write

7DF8000

heap

page read and write

5080000

unkown

page read and write

E10000

heap

page read and write

3200000

heap

page read and write

3250000

trusted library allocation

page read and write

2C44000

heap

page read and write

3820000

direct allocation

page read and write

3013000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD0000

heap

page read and write

16C122F2000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

11FD2000

system

page read and write

3601000

heap

page read and write

2FD1000

heap

page read and write

16C122EF000

heap

page read and write

3013000

heap

page read and write

2912000

unkown

page read and write

2FD1000

heap

page read and write

2E2D000

heap

page read and write

16C122CA000

heap

page read and write

3752000

unclassified section

page read and write

36D0000

direct allocation

page read and write

2E70000

heap

page read and write

5D1000

unkown

page readonly

36D0000

direct allocation

page read and write

870000

direct allocation

page execute and read and write

394D000

direct allocation

page read and write

2FD1000

heap

page read and write

6A7000

unkown

page readonly

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3217000

heap

page read and write

E5E000

stack

page read and write

59DF000

unclassified section

page execute and read and write

2C40000

heap

page read and write

2FD1000

heap

page read and write

F30000

direct allocation

page read and write

2FD1000

heap

page read and write

399D000

direct allocation

page read and write

2C10000

heap

page read and write

2EB0000

unkown

page execute and read and write

346D000

direct allocation

page execute and read and write

16C12040000

system

page execute and read and write

2912000

unkown

page read and write

2FD1000

heap

page read and write

E9E000

stack

page read and write

53C000

stack

page read and write

1A0000

unkown

page readonly

24A4000

heap

page read and write

50DA000

system

page execute and read and write

2FD1000

heap

page read and write

29D2000

unkown

page read and write

7ED0000

trusted library allocation

page read and write

16C13FAB000

trusted library allocation

page read and write

6A7000

unkown

page readonly

2700000

heap

page read and write

34DE000

direct allocation

page execute and read and write

16C120A6000

system

page execute and read and write

2FD1000

heap

page read and write

3729000

heap

page read and write

524C000

unkown

page read and write

8C4000

heap

page read and write

9B0000

unkown

page readonly

1A0000

unkown

page readonly

2FD1000

heap

page read and write

512E000

system

page execute and read and write

16C13E21000

trusted library allocation

page read and write

FA8000

heap

page read and write

2FD1000

heap

page read and write

There are 634 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
PTT Group project - Quotation.exe

Files

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPTT Group project - Quotation.exe

Files

Processes

URLs

Domains

IPs

Memdumps

IOC Report
PTT Group project - Quotation.exe